SOC Reports

System and Organization Controls (SOC) reports are designed to help service organizations, organizations that operate information systems and provide information system services to other entities, build trust and confidence in their service delivery processes and controls through a report by an independent Certified Public Accountant.

Our SOC Services Team is committed to providing our clients with the following:

A team approach to client service, utilizing all of the resources of our firm.

A flexible, practical cost-effective approach to the delivery of a SOC product.

The technical expertise you value and the personal service you deserve.

Accessibility to engagement partners and professional staff.

A detailed proposal and project plan to ensure that you receive the appropriate solution for your business.

Affiliates in most major North American cities through our membership with the Leading Edge Alliance.

GET IN TOUCH

Contact one of Marcum's regional representatives.

What is a SOC Report?

System and Organization Controls (SOC) Reports
SOC reports adhere to a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) to provide a mechanism by which service organizations can demonstrate the establishment of effectively designed control objectives and control activities to their customers, via an in-depth audit of the processes that are related to the services rendered to their customers.

Benefits
There are three (3) key reasons that service providers engage an auditor to prepare a SOC report:

Replaces the need of customer organizations to perform their own audits of services rendered by the service organization thereby minimizing disruption of operations.

Serves as a marketing tool by which service organizations can provide potential clients the SOC report as a validation regarding services offered.

Swipe left to view entire table

Planning

Assessment

Fieldwork

Completion

Marcum team orientation

Review relevant systems

Finalize testing procedures plan

Review final draft of report

Develop project management plan

Review relevant processes

Discuss testing procedures with management

Resolve any reporting issues with management

Finalize critical deadlines

Identify relevant control objectives

Perform control walkthrough and testing procedures

Review drafts with Management

Develop preliminary lists of documents to be prepared by client

Identify key controls

Document testing

Issue Report Adobe PDF format Bound hard copy

Conduct planning meeting with the Company's Management

Perform risk assessment

Draft summary of findings

Debrief with management including control findings and recommendations

Finalize evaluation of internal controls

Review draft report

Identify potential internal control issues/concerns

Wrap-up fieldwork

Report findings to the Company's Management

SOC Report Services

SOC Diagnostic
A SOC diagnostic is an ideal, low cost starting point for companies who have not had a SOC or other controls based audit procedures previously performed. Our SOC diagnostic is designed to assist our clients to make a determination regarding their preparedness for an actual SOC audit. Our findings, areas we believe need to be addressed prior to an actual SOC audit, are only reported internally to management.

Type I SOC Audit
Includes an opinion on the fairness of the presentation of a description of controls in operation and how the design of the controls achieves the specified control objectives as of a point in time.

Type I SOC audit may be preferable when your company:

Has never had a SOC audit performed.

Has concerns regarding its readiness for a Type II SOC audit.

Needs a SOC report to be issued within a short timeframe.

Has no contractual obligation with its customers to have a Type II SOC audit performed.

Type II SOC Audit
Report includes the information contained in a Type I service auditor's report, but also includes an opinion on whether the specific controls were operating effectively during the period under review.

Type II SOC audit may be preferable when your company:

Provides a significant level of services to companies impacted by the Sarbanes-Oxley Act of 2002.

Is contractually obligated to provide a Type II SOC audit report to customers.

Is often visited by various third parties looking to perform a variety of audit procedures.

Agreed-Upon Procedures Reviews
There are instances where it is not necessary to perform a SOC audit, but it is necessary for a company to report upon their achievement of certain control objectives. In such a scenario, we would advise an agreed-upon procedures review.

These reviews have a defined set of procedures, such as verifying the accuracy, integrity, timeliness and confidentiality of information processed by the service organization.

Designed to give independent third-party verification of selected controls to third-parties, such as customers and financial institutions, e.g. lenders.

Raffa - Marcum's Nonprofit & Social Sector Group's strength and competitive edge lies in the fact that we provide expertise and superior service across a variety of essential interrelated financial, technology and consulting competencies.

With the first tax season post-tax reform nearing completion in the U.S., the small business accounting sector has seen even more evidence that the advisory role of SMB accountants remains of prominent importance.

Marcum LLP is one of the largest independent public accounting and advisory services firms in the nation, with offices in major
business markets throughout the U.S., as well as Grand Cayman, China and Ireland.